The Exploit Database - CXSecurity.com https://cxsecurity.com/wlb/ The Exploit Database - World Laboratory of Bugtraq 2 CXSecurity.com en-US Mon, 17 Feb 2025 14:09:52 +0000 CXSecurity CXSecurity: World Laboratory of Bugtraq 2 https://cxsecurity.com/wlb/rss/exploit/ https://cxsecurity.com/images/wlb/wlblogo.png The Exploit Database - World Laboratory of Bugtraq 2 (WLB2)

MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF https://cxsecurity.com/issue/WLB-2025020003 WLB-2025020003 2025-02-01 09:40:45 CET bRpsd Topic: MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF Risk: High Text: .:. Exploit Title > MySchool System - Multiple Vulnerabil... Sat, 01 Feb 2025 09:40:45 +0000

SOPlanning 1.52.01 Remote Code Execution https://cxsecurity.com/issue/WLB-2025010001 WLB-2025010001 2025-01-02 22:03:18 CET Ardayfio Samuel Nii Aryee Topic: SOPlanning 1.52.01 Remote Code Execution Risk: Medium Text:# Exploit Title: SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated) # Date: 6th Oc... Thu, 02 Jan 2025 22:03:18 +0000

Laravel 11.0 Cross Site Scripting https://cxsecurity.com/issue/WLB-2024120021 WLB-2024120021 2024-12-18 21:14:05 CET E1.Coders Topic: Laravel 11.0 Cross Site Scripting Risk: Medium Text:/*! - # VULNERABILITY: Cross Site Scripting Laravel version 11.0 - # Authenticated Persistent XSS - # GOOGLE DORK: inurl:.... Wed, 18 Dec 2024 21:14:05 +0000

Asterisk AMI Originate Authenticated Remote Code Execution https://cxsecurity.com/issue/WLB-2024120001 WLB-2024120001 2024-12-03 22:32:55 CET h00die Topic: Asterisk AMI Originate Authenticated Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Tue, 03 Dec 2024 22:32:54 +0000

CUPS IPP Attributes LAN Remote Code Execution https://cxsecurity.com/issue/WLB-2024110051 WLB-2024110051 2024-11-30 22:27:13 CET Spencer McIntyre Topic: CUPS IPP Attributes LAN Remote Code Execution Risk: High Text:class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Exploit::Remote::DNS::Common include Expl... Sat, 30 Nov 2024 22:27:13 +0000

needrestart Local Privilege Escalation https://cxsecurity.com/issue/WLB-2024110044 WLB-2024110044 2024-11-28 22:51:03 CET Qualys Security Advisory Topic: needrestart Local Privilege Escalation Risk: Medium Text:Qualys Security Advisory LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-... Thu, 28 Nov 2024 22:51:03 +0000

Pyload Remote Code Execution https://cxsecurity.com/issue/WLB-2024110031 WLB-2024110031 2024-11-18 16:23:56 CET Spencer McIntyre Topic: Pyload Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 18 Nov 2024 16:23:55 +0000

BYOB Unauthenticated Remote Code Execution https://cxsecurity.com/issue/WLB-2024100027 WLB-2024100027 2024-10-16 20:51:59 CET Valentin Lobstein Topic: BYOB Unauthenticated Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Wed, 16 Oct 2024 20:51:59 +0000

WordPress LMS 4.2.7 SQL Injection https://cxsecurity.com/issue/WLB-2024100024 WLB-2024100024 2024-10-13 14:44:34 CET Avento Topic: WordPress LMS 4.2.7 SQL Injection Risk: Medium Text:# CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' ## Stac... Sun, 13 Oct 2024 14:44:34 +0000

PHP-Nuke Top Module SQL Injection https://cxsecurity.com/issue/WLB-2024100018 WLB-2024100018 2024-10-08 20:23:25 CET Emiliano Febbi Topic: PHP-Nuke Top Module SQL Injection Risk: Medium Text:# Exploit Title: PHP-Nuke ( SQL injection Top Module + protection Bypass ) # Google Dork: intext: Powered by PHP-Nuke # Date:... Tue, 08 Oct 2024 20:23:24 +0000

Acronis Cyber Infrastructure Default Password Remote Code Execution https://cxsecurity.com/issue/WLB-2024100017 WLB-2024100017 2024-10-07 21:22:35 CET h00die-gr3y Topic: Acronis Cyber Infrastructure Default Password Remote Code Execution Risk: Low Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 07 Oct 2024 21:22:35 +0000

Microsoft Windows TOCTOU Local Privilege Escalation https://cxsecurity.com/issue/WLB-2024090034 WLB-2024090034 2024-09-18 21:19:15 CET jheysel-r7 Topic: Microsoft Windows TOCTOU Local Privilege Escalation Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Wed, 18 Sep 2024 21:19:15 +0000

SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution https://cxsecurity.com/issue/WLB-2024090026 WLB-2024090026 2024-09-16 22:03:54 CET Valentin Lobstein Topic: SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution Risk: Low Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 16 Sep 2024 22:03:54 +0000

SerComm Network Device Backdoor Detection https://cxsecurity.com/issue/WLB-2024090021 WLB-2024090021 2024-09-10 19:51:15 CET Eloi Vanderbeken Topic: SerComm Network Device Backdoor Detection Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Tue, 10 Sep 2024 19:51:13 +0000

OKI Printer Default Login Credential Scanner https://cxsecurity.com/issue/WLB-2024090014 WLB-2024090014 2024-09-08 18:52:51 CET antr6X Topic: OKI Printer Default Login Credential Scanner Risk: Low Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Sun, 08 Sep 2024 18:52:51 +0000

VICIdial Multiple Authenticated SQL Injection https://cxsecurity.com/issue/WLB-2024090011 WLB-2024090011 2024-09-03 21:02:00 CET h00die Topic: VICIdial Multiple Authenticated SQL Injection Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Tue, 03 Sep 2024 21:02:00 +0000

TVT NVMS-1000 Directory Traversal https://cxsecurity.com/issue/WLB-2024090010 WLB-2024090010 2024-09-03 21:01:34 CET Dhiraj Mishra Topic: TVT NVMS-1000 Directory Traversal Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Tue, 03 Sep 2024 21:01:34 +0000

IntelliNet 2.0 Remote Root https://cxsecurity.com/issue/WLB-2024090009 WLB-2024090009 2024-09-03 21:01:21 CET Jean Pereira Topic: IntelliNet 2.0 Remote Root Risk: High Text:#!/usr/local/bin/node const { execSync } = require('child_process'); const readline = require('readline'); let TARGET = ''... Tue, 03 Sep 2024 21:01:21 +0000

Microsoft Exchange Privilege Escalation https://cxsecurity.com/issue/WLB-2024090007 WLB-2024090007 2024-09-03 21:00:22 CET _dirkjan Topic: Microsoft Exchange Privilege Escalation Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Tue, 03 Sep 2024 21:00:21 +0000

Apache Karaf Default Credentials Command Execution https://cxsecurity.com/issue/WLB-2024090006 WLB-2024090006 2024-09-02 20:57:52 CET Nicholas Starke Topic: Apache Karaf Default Credentials Command Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 02 Sep 2024 20:57:51 +0000

A10 Networks AX Loadbalancer Directory Traversal https://cxsecurity.com/issue/WLB-2024090003 WLB-2024090003 2024-09-01 21:04:16 CET xistence Topic: A10 Networks AX Loadbalancer Directory Traversal Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Sun, 01 Sep 2024 21:04:16 +0000

WordPress NextGEN Gallery Directory Read https://cxsecurity.com/issue/WLB-2024090002 WLB-2024090002 2024-09-01 21:04:04 CET Roberto S. Soares Topic: WordPress NextGEN Gallery Directory Read Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Sun, 01 Sep 2024 21:04:04 +0000

SAP BusinessObjects Web User Bruteforcer https://cxsecurity.com/issue/WLB-2024090001 WLB-2024090001 2024-09-01 21:03:40 CET Jay Turla Topic: SAP BusinessObjects Web User Bruteforcer Risk: Low Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Sun, 01 Sep 2024 21:03:39 +0000

OpenMediaVault rpc.php Authenticated Cron Remote Code Execution https://cxsecurity.com/issue/WLB-2024080016 WLB-2024080016 2024-08-08 08:38:05 CET Brandon Perry Topic: OpenMediaVault rpc.php Authenticated Cron Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Thu, 08 Aug 2024 08:38:05 +0000

WordPress PayPlus Payment Gateway SQL Injection https://cxsecurity.com/issue/WLB-2024080014 WLB-2024080014 2024-08-08 08:36:07 CET j3r1ch0123 Topic: WordPress PayPlus Payment Gateway SQL Injection Risk: Medium Text:#!/usr/bin/env python3.11 import requests import time def exploit(url): payload = {"wc-api": "payplus_gateway&status_... Thu, 08 Aug 2024 08:36:06 +0000

Devika v1 Path Traversal via snapshot_path https://cxsecurity.com/issue/WLB-2024080008 WLB-2024080008 2024-08-04 21:12:49 CET Alperen Ergel Topic: Devika v1 Path Traversal via snapshot_path Risk: Medium Text:# Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter # Google Dork: N/A # Date: 2024-06-29 # Exploit Au... Sun, 04 Aug 2024 21:12:49 +0000

Softing Secure Integration Server 1.22 Remote Code Execution https://cxsecurity.com/issue/WLB-2024070041 WLB-2024070041 2024-07-22 20:20:22 CET mr_me Topic: Softing Secure Integration Server 1.22 Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 22 Jul 2024 20:20:22 +0000

Ghostscript Command Execution / Format String https://cxsecurity.com/issue/WLB-2024070039 WLB-2024070039 2024-07-22 20:19:06 CET Thomas Rinsma Topic: Ghostscript Command Execution / Format String Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 22 Jul 2024 20:19:05 +0000

Adobe Commerce / Magento Open Source XML Injection / User Impersonation https://cxsecurity.com/issue/WLB-2024070038 WLB-2024070038 2024-07-22 20:18:48 CET RedWay Security Topic: Adobe Commerce / Magento Open Source XML Injection / User Impersonation Risk: Medium Text:#!/usr/bin/env ruby -W0 require 'bundler' Bundler.require(:default) DEBUG = false USE_PROXY = false PROXY_ADDR = '127.... Mon, 22 Jul 2024 20:18:48 +0000

Atlassian Confluence Administrator Code Macro Remote Code Execution https://cxsecurity.com/issue/WLB-2024070028 WLB-2024070028 2024-07-11 20:31:30 CET W01fh4cker Topic: Atlassian Confluence Administrator Code Macro Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Thu, 11 Jul 2024 20:31:30 +0000

Ivanti EPM RecordGoodApp SQL Injection / Remote Code Execution https://cxsecurity.com/issue/WLB-2024070016 WLB-2024070016 2024-07-09 21:26:47 CET Christophe de la Fuente Topic: Ivanti EPM RecordGoodApp SQL Injection / Remote Code Execution Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Tue, 09 Jul 2024 21:26:45 +0000

Payroll Management System 1.0 Remote Code Execution https://cxsecurity.com/issue/WLB-2024060060 WLB-2024060060 2024-06-24 19:41:26 CET ShellUnease Topic: Payroll Management System 1.0 Remote Code Execution Risk: High Text:# Exploit Title: Payroll Management System v1.0 RCE (Unauthenticated) # Google Dork: intitle:"Employee's Payroll Management Sy... Mon, 24 Jun 2024 19:41:25 +0000

Apache OFBiz Forgot Password Directory Traversal https://cxsecurity.com/issue/WLB-2024060059 WLB-2024060059 2024-06-24 19:41:08 CET jheysel-r7 Topic: Apache OFBiz Forgot Password Directory Traversal Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 24 Jun 2024 19:41:08 +0000

Netis MW5360 Remote Command Execution https://cxsecurity.com/issue/WLB-2024060058 WLB-2024060058 2024-06-24 19:40:21 CET h00die-gr3y Topic: Netis MW5360 Remote Command Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 24 Jun 2024 19:40:21 +0000

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution https://cxsecurity.com/issue/WLB-2024060039 WLB-2024060039 2024-06-17 07:49:10 CET sfewer-r7 Topic: Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Mon, 17 Jun 2024 07:49:10 +0000

PHP Remote Code Execution https://cxsecurity.com/issue/WLB-2024060031 WLB-2024060031 2024-06-15 16:26:41 CET Yesith Alvarez Topic: PHP Remote Code Execution Risk: High Text:# Exploit Title: PHP Windows Remote Code Execution (Unauthenticated) # Exploit Author: Yesith Alvarez # Vendor Homepage: http... Sat, 15 Jun 2024 16:26:40 +0000

VSCode ipynb Remote Code Execution https://cxsecurity.com/issue/WLB-2024060030 WLB-2024060030 2024-06-11 21:36:12 CET h00die Topic: VSCode ipynb Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Tue, 11 Jun 2024 21:36:10 +0000

Aquatronica Control System 5.1.6 Password Disclosure https://cxsecurity.com/issue/WLB-2024060024 WLB-2024060024 2024-06-07 21:47:49 CET LiquidWorm Topic: Aquatronica Control System 5.1.6 Password Disclosure Risk: Medium Text:#!/usr/bin/env python # -*- coding: utf-8 -*- # # # Aquatronica Control System 5.1.6 Passwords Leak Vulnerability # # # ... Fri, 07 Jun 2024 21:47:49 +0000

CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution https://cxsecurity.com/issue/WLB-2024050071 WLB-2024050071 2024-05-22 21:20:46 CET h00die Topic: CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Wed, 22 May 2024 21:20:46 +0000

AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution https://cxsecurity.com/issue/WLB-2024050064 WLB-2024050064 2024-05-22 21:18:47 CET Valentin Lobstein Topic: AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-... Wed, 22 May 2024 21:18:47 +0000